A former employee still had access to company systems four months after they left.
Nobody did anything wrong on purpose. The person left on good terms. The accounts just sat there, active, with full access. Email. Files. A cloud app or two.
This is one of the most common gaps we find in new clients, and it is almost always the same story. Onboarding gets attention because a new person cannot work until they have access. Offboarding gets forgotten because nothing breaks when you skip it. The risk is invisible right up until it is not.
The fix is not complicated. It is a checklist and one owner. When someone leaves, the same list runs every time. Disable accounts. Revoke access to every app, not just email. Reclaim or wipe the device. Change any shared passwords they knew. Done the same way, every time, no exceptions.
The reason this matters is not only the bad-leaver scenario, though that happens. It is that every active, unused account is one more door an attacker can walk through, and nobody is watching it because everyone forgot it was there.
Quick test for your company. Could you produce a list, today, of every system a departing employee needs to be removed from? If not, that list is your weekend project. It is worth it.
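One way to start on that list, as an added example that is not part of the original post: compare the HR leaver list against account exports from each system and report every account still active after its owner's leave date. The system names, users, dates and export shape below are constructed for illustration; real exports would come from each app's admin console.

```python
from datetime import date

# Constructed sample data: HR leaver list (user -> last working day).
LEAVERS = {
    "j.doe@example.com": date(2024, 1, 31),
    "a.khan@example.com": date(2024, 4, 15),
}
# Constructed per-system account exports: system -> [(user, is_active)].
ACCOUNT_EXPORTS = {
    "email": [("J.Doe@example.com", True), ("a.khan@example.com", False),
              ("m.lee@example.com", True)],
    "file_share": [("j.doe@example.com", True), ("a.khan@example.com", True)],
    "cloud_crm": [("j.doe@example.com ", False)],
}

def normalize(user):
    """Match identities case-insensitively and ignore stray whitespace."""
    return user.strip().lower()

def removal_checklist(leavers, exports):
    """Every system where a leaver has an account at all, active or not."""
    checklist = {normalize(u): [] for u in leavers}
    for system, accounts in exports.items():
        for user, _active in accounts:
            if normalize(user) in checklist:
                checklist[normalize(user)].append(system)
    return {u: sorted(systems) for u, systems in checklist.items()}

def stale_accounts(leavers, exports, today):
    """(user, system, days_since_departure) for each account still active
    after its owner's leave date, longest exposure first."""
    leave_dates = {normalize(u): d for u, d in leavers.items()}
    findings = []
    for system, accounts in exports.items():
        for user, active in accounts:
            left = leave_dates.get(normalize(user))
            if left is not None and active and left < today:
                findings.append((normalize(user), system, (today - left).days))
    return sorted(findings, key=lambda f: (-f[2], f[0], f[1]))

if __name__ == "__main__":
    for user, systems in removal_checklist(LEAVERS, ACCOUNT_EXPORTS).items():
        print(f"{user}: remove from {', '.join(systems)}")
    for user, system, days in stale_accounts(LEAVERS, ACCOUNT_EXPORTS, date(2024, 5, 31)):
        print(f"STILL ACTIVE: {user} on {system}, {days} days after leaving")
```

Any system missing from the exports is invisible to this check, so the inventory of systems is the part to get complete first.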